2003-06-16 13:33:38 +00:00
|
|
|
|
#include "globals.hh"
|
2006-09-04 21:06:23 +00:00
|
|
|
|
#include "util.hh"
|
2014-07-16 14:02:05 +00:00
|
|
|
|
#include "archive.hh"
|
2017-04-13 18:53:23 +00:00
|
|
|
|
#include "args.hh"
|
2020-09-21 16:49:43 +00:00
|
|
|
|
#include "abstract-setting-to-json.hh"
|
2021-02-16 13:32:12 +00:00
|
|
|
|
#include "compute-levels.hh"
|
2003-06-16 13:33:38 +00:00
|
|
|
|
|
2005-09-22 15:43:22 +00:00
|
|
|
|
#include <algorithm>
|
2017-02-27 15:01:54 +00:00
|
|
|
|
#include <map>
|
2023-02-01 16:24:14 +00:00
|
|
|
|
#include <mutex>
|
2017-02-27 15:01:54 +00:00
|
|
|
|
#include <thread>
|
2018-02-08 16:26:18 +00:00
|
|
|
|
#include <dlfcn.h>
|
2020-01-12 23:12:34 +00:00
|
|
|
|
#include <sys/utsname.h>
|
2005-02-01 22:07:48 +00:00
|
|
|
|
|
2020-08-20 09:02:16 +00:00
|
|
|
|
#include <nlohmann/json.hpp>
|
|
|
|
|
|
|
2023-02-01 16:12:11 +00:00
|
|
|
|
#include <sodium/core.h>
|
|
|
|
|
|
|
2023-02-01 16:24:14 +00:00
|
|
|
|
#ifdef __GLIBC__
|
|
|
|
|
|
#include <gnu/lib-names.h>
|
|
|
|
|
|
#include <nss.h>
|
|
|
|
|
|
#include <dlfcn.h>
|
|
|
|
|
|
#endif
|
2005-02-01 22:07:48 +00:00
|
|
|
|
|
2023-04-10 02:39:04 +00:00
|
|
|
|
#include "config-impl.hh"
|
|
|
|
|
|
|
2023-10-19 14:59:35 +00:00
|
|
|
|
#ifdef __APPLE__
|
|
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
|
|
#endif
|
2023-04-10 02:39:04 +00:00
|
|
|
|
|
2006-09-04 21:06:23 +00:00
|
|
|
|
namespace nix {
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-03-08 00:24:59 +00:00
|
|
|
|
/* The default location of the daemon socket, relative to nixStateDir.
|
|
|
|
|
|
The socket is in a directory to allow you to control access to the
|
|
|
|
|
|
Nix daemon by setting the mode/ownership of the directory
|
|
|
|
|
|
appropriately. (This wouldn't work on the socket itself since it
|
|
|
|
|
|
must be deleted and recreated on startup.) */
|
|
|
|
|
|
#define DEFAULT_SOCKET_PATH "/daemon-socket/socket"
|
|
|
|
|
|
|
2012-07-30 23:55:41 +00:00
|
|
|
|
Settings settings;
|
2003-07-31 13:47:13 +00:00
|
|
|
|
|
2020-10-06 11:36:55 +00:00
|
|
|
|
static GlobalConfig::Register rSettings(&settings);
|
2018-03-27 16:41:31 +00:00
|
|
|
|
|
2012-07-30 23:55:41 +00:00
|
|
|
|
Settings::Settings()
|
2018-03-27 16:41:31 +00:00
|
|
|
|
: nixPrefix(NIX_PREFIX)
|
2023-03-01 19:01:36 +00:00
|
|
|
|
, nixStore(canonPath(getEnvNonEmpty("NIX_STORE_DIR").value_or(getEnvNonEmpty("NIX_STORE").value_or(NIX_STORE_DIR))))
|
|
|
|
|
|
, nixDataDir(canonPath(getEnvNonEmpty("NIX_DATA_DIR").value_or(NIX_DATA_DIR)))
|
|
|
|
|
|
, nixLogDir(canonPath(getEnvNonEmpty("NIX_LOG_DIR").value_or(NIX_LOG_DIR)))
|
|
|
|
|
|
, nixStateDir(canonPath(getEnvNonEmpty("NIX_STATE_DIR").value_or(NIX_STATE_DIR)))
|
|
|
|
|
|
, nixConfDir(canonPath(getEnvNonEmpty("NIX_CONF_DIR").value_or(NIX_CONF_DIR)))
|
2020-03-30 13:31:14 +00:00
|
|
|
|
, nixUserConfFiles(getUserConfigFiles())
|
2023-03-01 19:01:36 +00:00
|
|
|
|
, nixBinDir(canonPath(getEnvNonEmpty("NIX_BIN_DIR").value_or(NIX_BIN_DIR)))
|
2018-02-14 22:05:55 +00:00
|
|
|
|
, nixManDir(canonPath(NIX_MAN_DIR))
|
2023-03-01 19:01:36 +00:00
|
|
|
|
, nixDaemonSocketFile(canonPath(getEnvNonEmpty("NIX_DAEMON_SOCKET_PATH").value_or(nixStateDir + DEFAULT_SOCKET_PATH)))
|
2012-07-30 23:55:41 +00:00
|
|
|
|
{
|
2014-05-02 10:46:03 +00:00
|
|
|
|
buildUsersGroup = getuid() == 0 ? "nixbld" : "";
|
2020-09-21 16:29:08 +00:00
|
|
|
|
allowSymlinkedStore = getEnv("NIX_IGNORE_SYMLINK_STORE") == "1";
|
2017-06-12 14:44:43 +00:00
|
|
|
|
|
2023-03-17 17:32:18 +00:00
|
|
|
|
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
|
|
|
|
|
|
if (sslOverride != "")
|
|
|
|
|
|
caFile = sslOverride;
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
|
2017-05-02 12:36:59 +00:00
|
|
|
|
/* Backwards compatibility. */
|
|
|
|
|
|
auto s = getEnv("NIX_REMOTE_SYSTEMS");
|
2019-11-22 15:06:44 +00:00
|
|
|
|
if (s) {
|
2017-10-24 08:52:34 +00:00
|
|
|
|
Strings ss;
|
2019-11-22 15:06:44 +00:00
|
|
|
|
for (auto & p : tokenizeString<Strings>(*s, ":"))
|
2017-10-24 08:52:34 +00:00
|
|
|
|
ss.push_back("@" + p);
|
|
|
|
|
|
builders = concatStringsSep(" ", ss);
|
|
|
|
|
|
}
|
2017-05-02 12:36:59 +00:00
|
|
|
|
|
2017-05-15 15:30:33 +00:00
|
|
|
|
#if defined(__linux__) && defined(SANDBOX_SHELL)
|
|
|
|
|
|
sandboxPaths = tokenizeString<StringSet>("/bin/sh=" SANDBOX_SHELL);
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
#endif
|
|
|
|
|
|
|
2022-06-22 20:43:53 +00:00
|
|
|
|
/* chroot-like behavior from Apple's sandbox */
|
2020-03-20 20:31:20 +00:00
|
|
|
|
#if __APPLE__
|
2020-03-20 21:12:30 +00:00
|
|
|
|
sandboxPaths = tokenizeString<StringSet>("/System/Library/Frameworks /System/Library/PrivateFrameworks /bin/sh /bin/bash /private/tmp /private/var/tmp /usr/lib");
|
2020-03-20 20:31:20 +00:00
|
|
|
|
allowedImpureHostPrefixes = tokenizeString<StringSet>("/System/Library /usr/lib /dev /bin/sh");
|
|
|
|
|
|
#endif
|
2022-06-22 20:43:53 +00:00
|
|
|
|
|
2023-06-14 20:57:42 +00:00
|
|
|
|
/* Set the build hook location
|
|
|
|
|
|
|
|
|
|
|
|
For builds we perform a self-invocation, so Nix has to be self-aware.
|
|
|
|
|
|
That is, it has to know where it is installed. We don't think it's sentient.
|
|
|
|
|
|
|
|
|
|
|
|
Normally, nix is installed according to `nixBinDir`, which is set at compile time,
|
|
|
|
|
|
but can be overridden. This makes for a great default that works even if this
|
|
|
|
|
|
code is linked as a library into some other program whose main is not aware
|
|
|
|
|
|
that it might need to be a build remote hook.
|
|
|
|
|
|
|
|
|
|
|
|
However, it may not have been installed at all. For example, if it's a static build,
|
|
|
|
|
|
there's a good chance that it has been moved out of its installation directory.
|
|
|
|
|
|
That makes `nixBinDir` useless. Instead, we'll query the OS for the path to the
|
|
|
|
|
|
current executable, using `getSelfExe()`.
|
|
|
|
|
|
|
|
|
|
|
|
As a last resort, we resort to `PATH`. Hopefully we find a `nix` there that's compatible.
|
|
|
|
|
|
If you're porting Nix to a new platform, that might be good enough for a while, but
|
|
|
|
|
|
you'll want to improve `getSelfExe()` to work on your platform.
|
|
|
|
|
|
*/
|
|
|
|
|
|
std::string nixExePath = nixBinDir + "/nix";
|
|
|
|
|
|
if (!pathExists(nixExePath)) {
|
|
|
|
|
|
nixExePath = getSelfExe().value_or("nix");
|
|
|
|
|
|
}
|
2023-05-19 14:56:59 +00:00
|
|
|
|
buildHook = {
|
|
|
|
|
|
nixExePath,
|
|
|
|
|
|
"__build-remote",
|
|
|
|
|
|
};
|
2005-09-22 15:43:22 +00:00
|
|
|
|
}
|
2005-02-01 22:07:48 +00:00
|
|
|
|
|
2018-03-27 16:41:31 +00:00
|
|
|
|
void loadConfFile()
|
2005-02-01 22:07:48 +00:00
|
|
|
|
{
|
2024-03-04 05:22:47 +00:00
|
|
|
|
auto applyConfigFile = [&](const Path & path) {
|
|
|
|
|
|
try {
|
|
|
|
|
|
std::string contents = readFile(path);
|
|
|
|
|
|
globalConfig.applyConfig(contents, path);
|
|
|
|
|
|
} catch (SysError &) { }
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
applyConfigFile(settings.nixConfDir + "/nix.conf");
|
2017-04-20 12:58:16 +00:00
|
|
|
|
|
|
|
|
|
|
/* We only want to send overrides to the daemon, i.e. stuff from
|
|
|
|
|
|
~/.nix/nix.conf or the command line. */
|
2021-03-26 15:14:38 +00:00
|
|
|
|
globalConfig.resetOverridden();
|
2017-04-20 12:58:16 +00:00
|
|
|
|
|
2020-03-30 13:31:14 +00:00
|
|
|
|
auto files = settings.nixUserConfFiles;
|
|
|
|
|
|
for (auto file = files.rbegin(); file != files.rend(); file++) {
|
2024-03-04 05:22:47 +00:00
|
|
|
|
applyConfigFile(*file);
|
2020-03-30 13:31:14 +00:00
|
|
|
|
}
|
2020-10-19 21:08:50 +00:00
|
|
|
|
|
|
|
|
|
|
auto nixConfEnv = getEnv("NIX_CONFIG");
|
|
|
|
|
|
if (nixConfEnv.has_value()) {
|
|
|
|
|
|
globalConfig.applyConfig(nixConfEnv.value(), "NIX_CONFIG");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-03-30 13:31:14 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
std::vector<Path> getUserConfigFiles()
|
|
|
|
|
|
{
|
|
|
|
|
|
// Use the paths specified in NIX_USER_CONF_FILES if it has been defined
|
|
|
|
|
|
auto nixConfFiles = getEnv("NIX_USER_CONF_FILES");
|
|
|
|
|
|
if (nixConfFiles.has_value()) {
|
2022-02-25 15:00:00 +00:00
|
|
|
|
return tokenizeString<std::vector<std::string>>(nixConfFiles.value(), ":");
|
2020-03-30 13:31:14 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Use the paths specified by the XDG spec
|
|
|
|
|
|
std::vector<Path> files;
|
2018-10-25 11:00:21 +00:00
|
|
|
|
auto dirs = getConfigDirs();
|
2020-03-30 13:31:14 +00:00
|
|
|
|
for (auto & dir : dirs) {
|
|
|
|
|
|
files.insert(files.end(), dir + "/nix/nix.conf");
|
2018-10-25 11:00:21 +00:00
|
|
|
|
}
|
2020-03-30 13:31:14 +00:00
|
|
|
|
return files;
|
2005-02-01 22:07:48 +00:00
|
|
|
|
}
|
2005-02-14 13:07:09 +00:00
|
|
|
|
|
2017-04-13 18:53:23 +00:00
|
|
|
|
unsigned int Settings::getDefaultCores()
|
2006-12-08 15:44:00 +00:00
|
|
|
|
{
|
2022-07-19 06:09:46 +00:00
|
|
|
|
const unsigned int concurrency = std::max(1U, std::thread::hardware_concurrency());
|
|
|
|
|
|
const unsigned int maxCPU = getMaxCPU();
|
2022-07-15 04:14:29 +00:00
|
|
|
|
|
2022-07-19 06:09:46 +00:00
|
|
|
|
if (maxCPU > 0)
|
|
|
|
|
|
return maxCPU;
|
|
|
|
|
|
else
|
|
|
|
|
|
return concurrency;
|
2009-02-27 11:04:41 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2023-10-19 14:59:35 +00:00
|
|
|
|
#if __APPLE__
|
|
|
|
|
|
static bool hasVirt() {
|
|
|
|
|
|
|
|
|
|
|
|
int hasVMM;
|
|
|
|
|
|
int hvSupport;
|
|
|
|
|
|
size_t size;
|
|
|
|
|
|
|
|
|
|
|
|
size = sizeof(hasVMM);
|
|
|
|
|
|
if (sysctlbyname("kern.hv_vmm_present", &hasVMM, &size, NULL, 0) == 0) {
|
|
|
|
|
|
if (hasVMM)
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// whether the kernel and hardware supports virt
|
|
|
|
|
|
size = sizeof(hvSupport);
|
|
|
|
|
|
if (sysctlbyname("kern.hv_support", &hvSupport, &size, NULL, 0) == 0) {
|
|
|
|
|
|
return hvSupport == 1;
|
|
|
|
|
|
} else {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
2018-09-28 13:57:27 +00:00
|
|
|
|
StringSet Settings::getDefaultSystemFeatures()
|
|
|
|
|
|
{
|
|
|
|
|
|
/* For backwards compatibility, accept some "features" that are
|
|
|
|
|
|
used in Nixpkgs to route builds to certain machines but don't
|
|
|
|
|
|
actually require anything special on the machines. */
|
2021-11-19 02:28:20 +00:00
|
|
|
|
StringSet features{"nixos-test", "benchmark", "big-parallel"};
|
2018-09-28 13:57:27 +00:00
|
|
|
|
|
2022-11-08 15:03:42 +00:00
|
|
|
|
#if __linux__
|
|
|
|
|
|
features.insert("uid-range");
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
2018-09-28 13:57:27 +00:00
|
|
|
|
#if __linux__
|
|
|
|
|
|
if (access("/dev/kvm", R_OK | W_OK) == 0)
|
|
|
|
|
|
features.insert("kvm");
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
2023-10-19 14:59:35 +00:00
|
|
|
|
#if __APPLE__
|
|
|
|
|
|
if (hasVirt())
|
|
|
|
|
|
features.insert("apple-virt");
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
2018-09-28 13:57:27 +00:00
|
|
|
|
return features;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2020-12-03 21:35:38 +00:00
|
|
|
|
StringSet Settings::getDefaultExtraPlatforms()
|
|
|
|
|
|
{
|
2021-02-16 13:32:12 +00:00
|
|
|
|
StringSet extraPlatforms;
|
|
|
|
|
|
|
2020-12-03 21:35:38 +00:00
|
|
|
|
if (std::string{SYSTEM} == "x86_64-linux" && !isWSL1())
|
2021-02-16 13:32:12 +00:00
|
|
|
|
extraPlatforms.insert("i686-linux");
|
|
|
|
|
|
|
|
|
|
|
|
#if __linux__
|
|
|
|
|
|
StringSet levels = computeLevels();
|
|
|
|
|
|
for (auto iter = levels.begin(); iter != levels.end(); ++iter)
|
|
|
|
|
|
extraPlatforms.insert(*iter + "-linux");
|
|
|
|
|
|
#elif __APPLE__
|
2020-12-03 21:35:38 +00:00
|
|
|
|
// Rosetta 2 emulation layer can run x86_64 binaries on aarch64
|
|
|
|
|
|
// machines. Note that we can’t force processes from executing
|
|
|
|
|
|
// x86_64 in aarch64 environments or vice versa since they can
|
|
|
|
|
|
// always exec with their own binary preferences.
|
2022-10-14 07:35:33 +00:00
|
|
|
|
if (std::string{SYSTEM} == "aarch64-darwin" &&
|
|
|
|
|
|
runProgram(RunOptions {.program = "arch", .args = {"-arch", "x86_64", "/usr/bin/true"}, .mergeStderrToStdout = true}).first == 0)
|
|
|
|
|
|
extraPlatforms.insert("x86_64-darwin");
|
2020-12-03 21:35:38 +00:00
|
|
|
|
#endif
|
2021-02-16 13:32:12 +00:00
|
|
|
|
|
|
|
|
|
|
return extraPlatforms;
|
2020-12-03 21:35:38 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2019-12-20 20:40:23 +00:00
|
|
|
|
bool Settings::isWSL1()
|
|
|
|
|
|
{
|
|
|
|
|
|
struct utsname utsbuf;
|
|
|
|
|
|
uname(&utsbuf);
|
|
|
|
|
|
// WSL1 uses -Microsoft suffix
|
|
|
|
|
|
// WSL2 uses -microsoft-standard suffix
|
|
|
|
|
|
return hasSuffix(utsbuf.release, "-Microsoft");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-03-17 17:32:18 +00:00
|
|
|
|
Path Settings::getDefaultSSLCertFile()
|
|
|
|
|
|
{
|
|
|
|
|
|
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
|
2023-05-26 13:32:28 +00:00
|
|
|
|
if (pathAccessible(fn)) return fn;
|
2023-03-17 17:32:18 +00:00
|
|
|
|
return "";
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-02-25 15:00:00 +00:00
|
|
|
|
const std::string nixVersion = PACKAGE_VERSION;
|
2009-02-27 11:04:41 +00:00
|
|
|
|
|
2020-09-20 05:26:07 +00:00
|
|
|
|
NLOHMANN_JSON_SERIALIZE_ENUM(SandboxMode, {
|
|
|
|
|
|
{SandboxMode::smEnabled, true},
|
|
|
|
|
|
{SandboxMode::smRelaxed, "relaxed"},
|
|
|
|
|
|
{SandboxMode::smDisabled, false},
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2023-04-10 02:39:04 +00:00
|
|
|
|
template<> SandboxMode BaseSetting<SandboxMode>::parse(const std::string & str) const
|
2008-11-20 12:25:11 +00:00
|
|
|
|
{
|
2023-04-10 02:39:04 +00:00
|
|
|
|
if (str == "true") return smEnabled;
|
|
|
|
|
|
else if (str == "relaxed") return smRelaxed;
|
|
|
|
|
|
else if (str == "false") return smDisabled;
|
2017-04-13 18:53:23 +00:00
|
|
|
|
else throw UsageError("option '%s' has invalid value '%s'", name, str);
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2023-04-10 02:39:04 +00:00
|
|
|
|
template<> struct BaseSetting<SandboxMode>::trait
|
2020-10-29 17:17:39 +00:00
|
|
|
|
{
|
2023-04-10 02:39:04 +00:00
|
|
|
|
static constexpr bool appendable = false;
|
|
|
|
|
|
};
|
2020-10-29 17:17:39 +00:00
|
|
|
|
|
2019-12-17 16:17:53 +00:00
|
|
|
|
template<> std::string BaseSetting<SandboxMode>::to_string() const
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 03:50:18 +00:00
|
|
|
|
{
|
2017-04-13 18:53:23 +00:00
|
|
|
|
if (value == smEnabled) return "true";
|
|
|
|
|
|
else if (value == smRelaxed) return "relaxed";
|
|
|
|
|
|
else if (value == smDisabled) return "false";
|
|
|
|
|
|
else abort();
|
2008-11-20 12:25:11 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2017-06-07 16:41:20 +00:00
|
|
|
|
template<> void BaseSetting<SandboxMode>::convertToArg(Args & args, const std::string & category)
|
2017-06-07 14:17:17 +00:00
|
|
|
|
{
|
2020-05-04 20:40:19 +00:00
|
|
|
|
args.addFlag({
|
|
|
|
|
|
.longName = name,
|
|
|
|
|
|
.description = "Enable sandboxing.",
|
|
|
|
|
|
.category = category,
|
2022-10-22 13:25:35 +00:00
|
|
|
|
.handler = {[this]() { override(smEnabled); }}
|
2020-05-04 20:40:19 +00:00
|
|
|
|
});
|
|
|
|
|
|
args.addFlag({
|
|
|
|
|
|
.longName = "no-" + name,
|
|
|
|
|
|
.description = "Disable sandboxing.",
|
|
|
|
|
|
.category = category,
|
2022-10-22 13:25:35 +00:00
|
|
|
|
.handler = {[this]() { override(smDisabled); }}
|
2020-05-04 20:40:19 +00:00
|
|
|
|
});
|
|
|
|
|
|
args.addFlag({
|
|
|
|
|
|
.longName = "relaxed-" + name,
|
|
|
|
|
|
.description = "Enable sandboxing, but allow builds to disable it.",
|
|
|
|
|
|
.category = category,
|
2022-10-22 13:25:35 +00:00
|
|
|
|
.handler = {[this]() { override(smRelaxed); }}
|
2020-05-04 20:40:19 +00:00
|
|
|
|
});
|
2017-06-07 14:17:17 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2023-04-10 02:39:04 +00:00
|
|
|
|
unsigned int MaxBuildJobsSetting::parse(const std::string & str) const
|
2014-02-08 05:05:46 +00:00
|
|
|
|
{
|
2023-04-10 02:39:04 +00:00
|
|
|
|
if (str == "auto") return std::max(1U, std::thread::hardware_concurrency());
|
2021-01-08 11:22:21 +00:00
|
|
|
|
else {
|
|
|
|
|
|
if (auto n = string2Int<decltype(value)>(str))
|
2023-04-10 02:39:04 +00:00
|
|
|
|
return *n;
|
2021-01-08 11:22:21 +00:00
|
|
|
|
else
|
|
|
|
|
|
throw UsageError("configuration setting '%s' should be 'auto' or an integer", name);
|
|
|
|
|
|
}
|
2014-02-08 05:05:46 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2018-02-08 16:26:18 +00:00
|
|
|
|
|
2023-04-10 02:39:04 +00:00
|
|
|
|
Paths PluginFilesSetting::parse(const std::string & str) const
|
2021-01-28 12:37:04 +00:00
|
|
|
|
{
|
|
|
|
|
|
if (pluginsLoaded)
|
|
|
|
|
|
throw UsageError("plugin-files set after plugins were loaded, you may need to move the flag before the subcommand");
|
2023-04-10 02:39:04 +00:00
|
|
|
|
return BaseSetting<Paths>::parse(str);
|
2021-01-28 12:37:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2018-02-08 16:26:18 +00:00
|
|
|
|
void initPlugins()
|
|
|
|
|
|
{
|
2021-01-28 14:37:43 +00:00
|
|
|
|
assert(!settings.pluginFiles.pluginsLoaded);
|
2018-02-08 16:26:18 +00:00
|
|
|
|
for (const auto & pluginFile : settings.pluginFiles.get()) {
|
2018-02-13 12:51:52 +00:00
|
|
|
|
Paths pluginFiles;
|
|
|
|
|
|
try {
|
|
|
|
|
|
auto ents = readDirectory(pluginFile);
|
|
|
|
|
|
for (const auto & ent : ents)
|
|
|
|
|
|
pluginFiles.emplace_back(pluginFile + "/" + ent.name);
|
|
|
|
|
|
} catch (SysError & e) {
|
|
|
|
|
|
if (e.errNo != ENOTDIR)
|
|
|
|
|
|
throw;
|
|
|
|
|
|
pluginFiles.emplace_back(pluginFile);
|
|
|
|
|
|
}
|
|
|
|
|
|
for (const auto & file : pluginFiles) {
|
|
|
|
|
|
/* handle is purposefully leaked as there may be state in the
|
|
|
|
|
|
DSO needed by the action of the plugin. */
|
|
|
|
|
|
void *handle =
|
|
|
|
|
|
dlopen(file.c_str(), RTLD_LAZY | RTLD_LOCAL);
|
|
|
|
|
|
if (!handle)
|
2018-04-12 01:02:50 +00:00
|
|
|
|
throw Error("could not dynamically open plugin file '%s': %s", file, dlerror());
|
2018-02-13 12:51:52 +00:00
|
|
|
|
}
|
2018-02-08 16:26:18 +00:00
|
|
|
|
}
|
2018-02-13 19:43:32 +00:00
|
|
|
|
|
2018-03-27 16:41:31 +00:00
|
|
|
|
/* Since plugins can add settings, try to re-apply previously
|
|
|
|
|
|
unknown settings. */
|
|
|
|
|
|
globalConfig.reapplyUnknownSettings();
|
|
|
|
|
|
globalConfig.warnUnknownSettings();
|
2021-01-28 12:37:04 +00:00
|
|
|
|
|
|
|
|
|
|
/* Tell the user if they try to set plugin-files after we've already loaded */
|
|
|
|
|
|
settings.pluginFiles.pluginsLoaded = true;
|
2018-02-08 16:26:18 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2023-02-01 16:24:14 +00:00
|
|
|
|
static void preloadNSS()
|
|
|
|
|
|
{
|
|
|
|
|
|
/* builtin:fetchurl can trigger a DNS lookup, which with glibc can trigger a dynamic library load of
|
|
|
|
|
|
one of the glibc NSS libraries in a sandboxed child, which will fail unless the library's already
|
|
|
|
|
|
been loaded in the parent. So we force a lookup of an invalid domain to force the NSS machinery to
|
|
|
|
|
|
load its lookup libraries in the parent before any child gets a chance to. */
|
|
|
|
|
|
static std::once_flag dns_resolve_flag;
|
|
|
|
|
|
|
|
|
|
|
|
std::call_once(dns_resolve_flag, []() {
|
|
|
|
|
|
#ifdef __GLIBC__
|
|
|
|
|
|
/* On linux, glibc will run every lookup through the nss layer.
|
|
|
|
|
|
* That means every lookup goes, by default, through nscd, which acts as a local
|
|
|
|
|
|
* cache.
|
|
|
|
|
|
* Because we run builds in a sandbox, we also remove access to nscd otherwise
|
|
|
|
|
|
* lookups would leak into the sandbox.
|
|
|
|
|
|
*
|
|
|
|
|
|
* But now we have a new problem, we need to make sure the nss_dns backend that
|
|
|
|
|
|
* does the dns lookups when nscd is not available is loaded or available.
|
|
|
|
|
|
*
|
|
|
|
|
|
* We can't make it available without leaking nix's environment, so instead we'll
|
|
|
|
|
|
* load the backend, and configure nss so it does not try to run dns lookups
|
|
|
|
|
|
* through nscd.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This is technically only used for builtins:fetch* functions so we only care
|
|
|
|
|
|
* about dns.
|
|
|
|
|
|
*
|
|
|
|
|
|
* All other platforms are unaffected.
|
|
|
|
|
|
*/
|
|
|
|
|
|
if (!dlopen(LIBNSS_DNS_SO, RTLD_NOW))
|
|
|
|
|
|
warn("unable to load nss_dns backend");
|
|
|
|
|
|
// FIXME: get hosts entry from nsswitch.conf.
|
|
|
|
|
|
__nss_configure_lookup("hosts", "files dns");
|
|
|
|
|
|
#endif
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-12-19 13:06:07 +00:00
|
|
|
|
static bool initLibStoreDone = false;
|
|
|
|
|
|
|
|
|
|
|
|
void assertLibStoreInitialized() {
|
|
|
|
|
|
if (!initLibStoreDone) {
|
|
|
|
|
|
printError("The program must call nix::initNix() before calling any libstore library functions.");
|
|
|
|
|
|
abort();
|
|
|
|
|
|
};
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void initLibStore() {
|
2023-02-01 15:46:26 +00:00
|
|
|
|
|
2023-02-01 16:43:14 +00:00
|
|
|
|
initLibUtil();
|
|
|
|
|
|
|
2023-02-01 16:12:11 +00:00
|
|
|
|
if (sodium_init() == -1)
|
|
|
|
|
|
throw Error("could not initialise libsodium");
|
|
|
|
|
|
|
2023-02-01 15:46:26 +00:00
|
|
|
|
loadConfFile();
|
|
|
|
|
|
|
2023-02-01 16:24:14 +00:00
|
|
|
|
preloadNSS();
|
|
|
|
|
|
|
2023-02-01 16:35:28 +00:00
|
|
|
|
/* On macOS, don't use the per-session TMPDIR (as set e.g. by
|
|
|
|
|
|
sshd). This breaks build users because they don't have access
|
|
|
|
|
|
to the TMPDIR, in particular in ‘nix-store --serve’. */
|
|
|
|
|
|
#if __APPLE__
|
|
|
|
|
|
if (hasPrefix(getEnv("TMPDIR").value_or("/tmp"), "/var/folders/"))
|
|
|
|
|
|
unsetenv("TMPDIR");
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
2022-12-19 13:06:07 +00:00
|
|
|
|
initLibStoreDone = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2006-09-04 21:06:23 +00:00
|
|
|
|
}
|
